Changeset f77a256 for fedd


Timestamp:
Jan 11, 2012 4:02:07 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
compt_changes, info-ops, master
Children:
6886c5a
Parents:
ee950c2
Message:

DETER plugin can act as users now

Location:
fedd
Files:
2 added
2 edited

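--- a/fedd/access_to_abac.py
+++ b/fedd/access_to_abac.py
@@ -71,5 +71,5 @@
 #  All the local parsing functions get the unparsed remainder of the line
 #  (after the three-name and the attribute it maps to), the credential list to
-#  add the new ABAC credential(s) that will be mapped into the loacl
+#  add the new ABAC credential(s) that will be mapped into the local
 #  credentials, the fedid of this entity, a dict mapping the local credentials
 #  to ABAC credentials that are required to exercise those local rights and the
@@ -77,14 +77,12 @@
 def parse_emulab(l, creds, me, to_id, p, gp, gu, lr):
     '''
-    Parse the emulab (project, allocation_user, access_user) format.  Access
-    users are deprecates and allocation users used for both.  This fuction
-    collapses them.
-    '''
-    right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*%s\s*\)' % \
-            (proj_same_str, id_same_str,id_same_str)
+    Parse the emulab (project, allocation_user, cert_file) format.
+    '''
+    right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*(%s)\s*\)' % \
+            (proj_same_str, id_same_str,path_str)
 
     m = re.match(right_side_str, l)
     if m:
-        project, user = m.group(1,2)
+        project, user, cert = m.group(1,2,3)
         # Resolve "<same>"s in project and user
         if project == '<same>':
@@ -114,6 +112,6 @@
                 [attribute(p, x, lr) for x in (gp, gu) if x is not None])
         creds.add(c)
-        if (project, user) in to_id: to_id[(project,user)].append(c)
-        else: to_id[(project,user)] = [ c ]
+        if (project, user,cert) in to_id: to_id[(project,user,cert)].append(c)
+        else: to_id[(project,user,cert)] = [ c ]
     else:
         raise parse_error("Badly formatted local mapping: %s" % l)
@@ -320,5 +318,5 @@
 id_str = '[a-zA-Z][\w_-]*'
 proj_str = '[a-zA-Z][\w_/-]*'
-path_str = '[a-zA-Z_/\.-]+'
+path_str = '[a-zA-Z0-9_/\.-]+'
 id_any_str = '(%s|<any>)' % id_str
 proj_any_str = '(%s|<any>)' % proj_str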
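Review bot: The third field in `parse_emulab` is matched with `path_str`, which also matches any plain identifier, so a mapping still written in the old (project, allocation_user, access_user) form parses without error and the access user name is stored as the certificate path. Nothing in this hunk checks that the path names a readable file, so the mistake would only show up when the certificate is first used; since that certificate decides which user the plugin acts as, a parse-time check is worth having, for example `if not os.path.isfile(cert): raise parse_error("No such certificate file: %s" % cert)` (assuming `os` is imported in this module, which the page does not show). `path_str` also accepts `..` components and is a shared module-level pattern, so widening it to digits may change what other parsers of this file accept. The body of `parse_emulab` between the `<same>` handling and `creds.add(c)` lies outside the hunks.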
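--- a/fedd/federation/emulab_access.py
+++ b/fedd/federation/emulab_access.py
@@ -176,21 +176,21 @@
     def access_tuple(str):
         """
-        Convert a string of the form (id, id) into an access_project.  This is
-        called by read_access to convert to local attributes.  It returns
-        a tuple of the form (project, user).
+        Convert a string of the form (id, id, id) into an access_project.  This
+        is called by read_access to convert to local attributes.  It returns a
+        tuple of the form (project, user, certificate_file).
         """
 
         str = str.strip()
-        if str.startswith('(') and str.endswith(')') and str.count(',') == 1:
+        if str.startswith('(') and str.endswith(')') and str.count(',') == 2:
             # The slice takes the parens off the string.
-            proj, user = str[1:-1].split(',')
-            return (proj.strip(), user.strip())
+            proj, user, cert = str[1:-1].split(',')
+            return (proj.strip(), user.strip(), cert.strip())
         else:
             raise self.parse_error(
-                    'Bad mapping (unbalanced parens or more than 1 comma)')
+                    'Bad mapping (unbalanced parens or more than 2 commas)')
 
     # RequestAccess support routines
 
-    def save_project_state(self, aid, pname, uname, owners):
+    def save_project_state(self, aid, pname, uname, certf, owners):
         """
         Save the project, user, and owners associated with this allocation.
@@ -201,4 +201,5 @@
         self.allocation[aid]['project'] = pname
         self.allocation[aid]['user'] = uname
+        self.allocation[aid]['cert'] = certf
         self.allocation[aid]['owners'] = owners
         self.write_state()
@@ -272,5 +273,6 @@
         aid = unicode(allocID)
 
-        pname, uname = self.save_project_state(aid, found[0], found[1], owners)
+        pname, uname = self.save_project_state(aid, found[0], found[1],
+                found[2], owners)
 
         services, svc_state = self.export_services(req.get('service',[]),
@@ -690,4 +692,5 @@
         if aid in self.allocation:
             user = self.allocation[aid].get('user', None)
+            cert = self.allocation[aid].get('cert', None)
             self.allocation[aid]['experiment'] = ename
             self.allocation[aid]['nonce'] = nonce_experiment
@@ -711,5 +714,5 @@
                     "Can't find creation user for %s" %aid)
 
-        return (ename, proj, user, pubkey_base, secretkey_base, alloc_log)
+        return (ename, proj, user, cert, pubkey_base, secretkey_base, alloc_log)
 
     def decorate_topology(self, info, t):
@@ -853,7 +856,7 @@
         try:
             self.retrieve_software(topo, certfile, softdir)
-            ename, proj, user, pubkey_base, secretkey_base, alloc_log = \
-                    self.initialize_experiment_info(attrs, aid,
-                            certfile, tmpdir)
+            ename, proj, user, xmlrpc_cert, pubkey_base, secretkey_base, \
+                alloc_log =  self.initialize_experiment_info(attrs, aid,
+                        certfile, tmpdir)
 
             if '/' in proj: proj, gid = proj.split('/')
@@ -877,5 +880,5 @@
             starter = self.start_segment(keyfile=self.ssh_privkey_file,
                     debug=self.create_debug, log=alloc_log, boss=self.boss,
-                    ops=self.ops, cert=self.xmlrpc_cert)
+                    ops=self.ops, cert=xmlrpc_cert)
             rv = starter(self, ename, proj, user, expfile, tmpdir, gid=gid)
         except service_error, e:
@@ -918,4 +921,5 @@
             proj = self.allocation[aid].get('project', None)
             user = self.allocation[aid].get('user', None)
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
             ename = self.allocation[aid].get('experiment', None)
             nonce = self.allocation[aid].get('nonce', False)
@@ -925,4 +929,5 @@
             ename = None
             nonce = False
+            xmlrpc_cert = None
         self.state_lock.release()
 
@@ -942,5 +947,5 @@
         stopper = self.stop_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         stopper(self, user, proj, ename, gid, nonce)
         return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
@@ -966,4 +971,5 @@
             proj = self.allocation[aid].get('project', None)
             user = self.allocation[aid].get('user', None)
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
             ename = self.allocation[aid].get('experiment', None)
         else:
@@ -972,4 +978,5 @@
             ename = None
             topo = None
+            xmlrpc_cert = None
         self.state_lock.release()
 
@@ -989,5 +996,5 @@
         info = self.info_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         info(self, user, proj, ename)
         self.decorate_topology(info, topo)
@@ -1038,9 +1045,13 @@
             raise service_error(service_error.req, "no targets")
 
+        self.state_lock.acquire()
         if aid in self.allocation:
             topo = self.allocation[aid].get('topo', None)
             if topo: topo = topo.clone()
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
         else:
             topo = None
+            xmlrpc_cert = None
+        self.state_lock.release()
 
         targets = copy.copy(targets)
@@ -1058,5 +1069,5 @@
         ops = self.operation_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         ops(self, op, ptargets, params, topo)
        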
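Review bot: Allocations written to state before this change have no 'cert' key, so `self.allocation[aid].get('cert', None)` yields None in the terminate, info and operation paths (new lines 923, 973 and 1051) and in `initialize_experiment_info` (new line 694), and that None is then passed as `cert=` where `self.xmlrpc_cert` was passed before. What the segment classes do with `cert=None` is not visible on this page, so either keep the previous identity for such allocations with `self.allocation[aid].get('cert', None) or self.xmlrpc_cert`, or raise a `service_error` when no certificate is recorded rather than starting the XML-RPC call without one. The same applies to the `else` branches that set `xmlrpc_cert = None` for an unknown allocation. The functions touched here all start and end outside the hunks.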